A total of 105 devices, including laptops, mobiles, tablets, cameras and hard drives, have been stolen from BBC offices and staff in the past two years, according to data obtained under the Freedom of Information Act (FoIA) by Griffin Law.
Over the two-year period queried, the corporation revealed that individual microphones were the most frequently purloined device, with 36 taken in total – 10 in 2019 and 26 last year. In the same 24 months, the BBC also lost 35 smartphones – 19 in 2019 and 16 in 2020.
The data also revealed 11 laptops and MacBook devices had been stolen in 2019, and six in 2020, and additionally two laptops were reported stolen last year. The BBC also lost four hard drives, a camcorder and an Amazon Fire TV Stick.
A BBC spokesperson commented: “The BBC takes incidents of crime seriously and we are constantly implementing and reviewing measures to reduce crime and recover lost and stolen items.”
The nature of many of the devices taken – particularly during the course of 2020 – could indicate some degree of insider action at the BBC, particularly with regard to microphones, potentially of use to staffers working from home.
Edward Blake, area vice-president of Absolute Software for the UK and Ireland, said: “One of the biggest challenges facing organisations during the Covid-19 pandemic has been successfully securing and managing key devices like laptops from loss, theft and rising cyber risks.
“You can’t protect what you cannot see [and] with so many people either working remotely or on the move, large organisations like the BBC will inevitably see devices go missing, some of which will contain confidential data,” he said.
Blake said that as organisations such as the BBC continue to mandate work-from-home policies for non-key workers, they can no longer afford to rely solely on network-based cyber security policies, but rather needed to implement more endpoint protection measures.
“This means ensuring they have an unbreakable digital tether to all devices capable of delivering complete visibility and control, enabling real-time insights into the state of those devices and allowing them to self-heal security controls and productivity tools,” he said.
Writing in Computer Weekly earlier in 2021, Elliot Rose and Cate Pye of PA Consulting said that in light of continuing work from home orders, security teams needed to provide users with processes and systems that encourage and support compliance with cyber security policies, which could include device policies.
“While trying to be all-controlling erodes the effectiveness gains we have made in the new virtual world, some level of control is still required. This should be explained and viewed as supporting and protecting our people from threats,” they said.
Mike Gillespie, managing director and co-founder of independent security consultancy Advent IM, said that by working with users to help them understand what security teams are trying to achieve, and empowering them, organisations can better encourage initiative, discretion and common sense.
“Ultimately, we end up with a newly educated, empowered, disciplined and highly motivated remote workforce who are working with us to secure our assets,” he wrote. “Longer term, this could actually result in a lower cost of ownership through a decreasing dependency on the technology alone.”